At this point, you can probably tell that there are a lot of similarities between Incident Response, Business Continuity, and Disaster Recovery. In this lesson, we'll try to call out a few things that make planning for Disaster Recovery different.
A key element is the degree to which you need to use your imagination. You really need to consider the worst case scenarios and how you would deal with them. It can be hard to imagine that you could lose facilities, power, communications, data, supplies, and worst of all, people.
Rather than having to merely keep operations running, you are going to possibly need to rebuild your operations. You will need to account for things like alternate sites, alternate means of communication, and backup systems that you can fail over to. You may need to re-route shipping and/or establish new supply chains. You also may need to be concerned about rescuing personnel, giving them housing, and providing them with a means for transportation.
A couple of key items that should be defined in a DR plan include The RTO and RPO (described below). These parameters allow you to determine how much damage a given disaster has caused or is causing, based on what you have done to plan ahead.
A basic tool that can be critical for a DR Plan is a call tree. This is a list of whom to contact, and in what order, when a disaster occurs. This type of list can be critical in a disaster, where it's feasible that one or more people in the contact chain could be missing or unavailable. If your plan relies on key personnel to make decisions, what happens if those people cannot be reached? Who should you reach out to next?
While a call tree was once a simple list, today's technology has enabled automated call trees that can be "activated" to notify people in the chain through multiple modes with the click of a button. Such automated systems can also be set up to reach out to employees at large and ask them to confirm that they are OK.
As mentioned above, people may need to use alternate forms of communication in an emergency. From a cybersecurity point of view, it is important to ensure those alternate communication methods will be secure. You need to protect people's contact info and not leave the organization vulnerable when it is already dealing with a difficult situation. Threat actors could take advantage of such a situation and launch phishing attacks or other social engineering mechanisms that people may fall for when normal systems are down.
In the next lesson, we will shift our focus to the subject of Governance, Risk, and Compliance - beginning with Governance. Be sure to answer the questions on the Tasks tab, then click Continue.